cgroups: remove compile-time bpf support detection
authorChristian Brauner <christian.brauner@ubuntu.com>
Thu, 18 Feb 2021 11:41:57 +0000 (12:41 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Thu, 18 Feb 2021 11:42:34 +0000 (12:42 +0100)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
configure.ac
src/lxc/api_extensions.h
src/lxc/cgroups/cgfsng.c
src/lxc/cgroups/cgroup2_devices.c
src/lxc/cgroups/cgroup2_devices.h
src/lxc/commands.c

index 31176702e31eadec4e0369dfce2b3f0d80e88053..c79d4af0d1e5eb552de0336a5afee1c9f702ad26 100644 (file)
@@ -385,10 +385,6 @@ AM_COND_IF([ENABLE_CAP],
         AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[])
         AC_SUBST([CAP_LIBS], [-lcap])])
 
-AC_CHECK_HEADERS([linux/bpf.h], [
-       AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]])
-], [], [])
-
 # Configuration examples
 AC_ARG_ENABLE([examples],
        [AS_HELP_STRING([--enable-examples], [install examples [default=yes]])],
index 8267812726b3e2b6115c43ba7a018c4c03a86a18..a45b2ce2fbad7224b3abdaf741fbb5e6f9d45655 100644 (file)
@@ -34,9 +34,7 @@ static char *api_extensions[] = {
        "network_gateway_device_route",
        "network_phys_macvlan_mtu",
        "network_veth_router",
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        "cgroup2_devices",
-#endif
        "cgroup2",
        "pidfd",
        "cgroup_advanced_isolation",
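Review bot: `"cgroup2_devices"` is now reported by every build, so the string only says that liblxc was compiled with the device-program code, not that the running kernel can load or attach a cgroup device program. Consumers that gate device policy on this extension still need a runtime check; `bpf_devices_cgroup_supported()` in cgroup2_devices.c looks like the intended probe. I would add a comment next to the entry, e.g. `/* build-time capability only; kernel support is probed at runtime */`. The array starts and ends outside the hunk.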
index 3c33c964ec46b1d3dfc55a00a0f6934b6b414f95..711a9d7f5493d8d7883ccfc47e0c7ed6e15785f7 100644 (file)
@@ -864,11 +864,9 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
                return;
        }
 
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices);
        if (ret < 0)
                WARN("Failed to detach bpf program from cgroup");
-#endif
 
        if (!lxc_list_empty(&handler->conf->id_map)) {
                struct generic_userns_exec_data wrap = {
@@ -3104,7 +3102,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
                                     struct lxc_conf *conf, const char *key,
                                     const char *val)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        struct device_item device_item = {};
        int ret;
 
@@ -3118,7 +3115,6 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
        ret = bpf_list_add_device(conf, &device_item);
        if (ret < 0)
                return -1;
-#endif
        return 0;
 }
 
@@ -3172,7 +3168,6 @@ __cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
 
 __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        __do_bpf_program_free struct bpf_program *prog = NULL;
        int ret;
        struct lxc_conf *conf;
@@ -3252,7 +3247,6 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct
        prog_old = move_ptr(ops->cgroup2_devices);
        ops->cgroup2_devices = move_ptr(prog);
        prog = move_ptr(prog_old);
-#endif
        return true;
 }
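Review bot: The three-line pointer swap before `return true` has no comment, although it decides which device program is freed. Because `prog` is declared with `__do_bpf_program_free`, the swap appears to hand the previously attached program to the cleanup handler while `ops->cgroup2_devices` keeps the new one; a comment such as `/* prog now holds the old program; the cleanup attribute frees it on return */` would make that explicit. With the `#ifdef` gone this body runs on every build, so the function comment should also state what is returned when the kernel rejects the program. The load and attach steps are outside the hunk, so I cannot tell whether every failure path returns false rather than reaching `return true`.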
 
index f2a155e41446931369f35219739905b2b1b0bccb..c5afa0ad6d92ca866ad160ea3a1a1dbe9d5c870d 100644 (file)
 #include "macro.h"
 #include "memory_utils.h"
 
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-#include <linux/bpf.h>
-#include <linux/filter.h>
-
 lxc_log_define(cgroup2_devices, cgroup);
 
 #define BPF_LOG_BUF_SIZE (1 << 23) /* 8MB */
@@ -567,4 +563,3 @@ bool bpf_devices_cgroup_supported(void)
 
        return log_trace(true, "The bpf device cgroup is supported");
 }
-#endif
index 18bd253e54d643ac378ccd0722fbff7bdd092336..9140872ed7c71f4725fbc67938ec7644e5136ab5 100644 (file)
 #include "memory_utils.h"
 #include "syscall_numbers.h"
 
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-#include <linux/bpf.h>
-#include <linux/filter.h>
-#endif
-
-#ifndef BPF_F_ALLOW_OVERRIDE
-#define BPF_F_ALLOW_OVERRIDE (1U << 0)
-#endif
-
-#ifndef BPF_F_ALLOW_MULTI
-#define BPF_F_ALLOW_MULTI (1U << 1)
-#endif
-
-#ifndef BPF_F_REPLACE
-#define BPF_F_REPLACE (1U << 2)
-#endif
+#include "include/bpf.h"
+#include "include/bpf_common.h"
 
 #ifndef HAVE_BPF
-
-union bpf_attr;
-
-static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size)
+static inline int bpf_lxc(int cmd, union bpf_attr *attr, size_t size)
 {
        return syscall(__NR_bpf, cmd, attr, size);
 }
-
-#define bpf missing_bpf
+#define bpf bpf_lxc
 #endif /* HAVE_BPF */
 
 struct bpf_program {
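Review bot: `#define bpf bpf_lxc` is an object-like macro, so in every file that includes this header it rewrites any identifier spelled `bpf`, not only calls. A function-like form, `#define bpf(cmd, attr, size) bpf_lxc(cmd, attr, size)`, limits the substitution to call sites. The wrapper would also benefit from a one-line comment saying that it is the raw `__NR_bpf` syscall used when libc provides no `bpf()`. Its -1/errno result is presumably how callers now learn that the kernel lacks support, since the `HAVE_STRUCT_BPF_CGROUP_DEV_CTX` guards are gone.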
@@ -59,9 +41,7 @@ struct bpf_program {
        __u32 prog_type;
 
        size_t n_instructions;
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        struct bpf_insn *instructions;
-#endif /* HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
 
        int fd_cgroup;
        int attached_type;
@@ -77,7 +57,6 @@ static inline bool bpf_device_block_all(const struct bpf_program *prog)
 static inline bool bpf_device_add(const struct bpf_program *prog,
                                  struct device_item *device)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        if (device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE)
                return false;
 
@@ -88,14 +67,12 @@ static inline bool bpf_device_add(const struct bpf_program *prog,
        /* We're allowing all devices so skip individual allow rules. */
        if (!bpf_device_block_all(prog) && device->allow)
                return false;
-#endif
        return true;
 }
 
 static inline void bpf_device_set_type(struct bpf_program *prog,
                                       struct lxc_list *devices)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        struct lxc_list *it;
 
        lxc_list_for_each (it, devices) {
@@ -104,10 +81,8 @@ static inline void bpf_device_set_type(struct bpf_program *prog,
                if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE)
                        prog->device_list_type = cur->global_rule;
        }
-#endif
 }
 
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
 __hidden extern struct bpf_program *bpf_program_new(__u32 prog_type);
 __hidden extern int bpf_program_init(struct bpf_program *prog);
 __hidden extern int bpf_program_append_device(struct bpf_program *prog, struct device_item *device);
@@ -123,62 +98,6 @@ __hidden extern bool bpf_devices_cgroup_supported(void);
 
 __hidden extern int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device);
 
-#else /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
-
-static inline struct bpf_program *bpf_program_new(__u32 prog_type)
-{
-       return ret_set_errno(NULL, ENOSYS);
-}
-
-static inline int bpf_program_init(struct bpf_program *prog)
-{
-       return ret_errno(ENOSYS);
-}
-
-static inline int bpf_program_append_device(struct bpf_program *prog, char type,
-                                           int major, int minor,
-                                           const char *access, int allow)
-{
-       return ret_errno(ENOSYS);
-}
-
-static inline int bpf_program_finalize(struct bpf_program *prog)
-{
-       return ret_errno(ENOSYS);
-}
-
-static inline int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
-                                           int fd_cgroup, int replace_bpf_fd,
-                                           __u32 flags)
-{
-       return ret_errno(ENOSYS);
-}
-
-static inline int bpf_program_cgroup_detach(struct bpf_program *prog)
-{
-       return ret_errno(ENOSYS);
-}
-
-static inline void bpf_program_free(struct bpf_program *prog)
-{
-}
-
-static inline void bpf_device_program_free(struct cgroup_ops *ops)
-{
-}
-
-static inline bool bpf_devices_cgroup_supported(void)
-{
-       return ret_set_errno(false, ENOSYS);
-}
-
-static inline int bpf_list_add_device(struct lxc_conf *conf,
-                                     struct device_item *device)
-{
-       return ret_errno(ENOSYS);
-}
-#endif /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */
-
 define_cleanup_function(struct bpf_program *, bpf_program_free);
 #define __do_bpf_program_free call_cleaner(bpf_program_free)
 
index 0c7d6f1fd30144f12a7a8a60de0a393f84a6d1e0..6a64b061fe705370ca34dbe18b4388ee227605e7 100644 (file)
@@ -1168,7 +1168,6 @@ static int lxc_cmd_add_state_client_callback(__owns int fd, struct lxc_cmd_req *
 int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
                                  struct device_item *device)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        int stopped = 0;
        struct lxc_cmd_rr cmd = {
                .req = {
@@ -1188,16 +1187,12 @@ int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
                return log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule");
 
        return 0;
-#else
-       return ret_set_errno(-1, ENOSYS);
-#endif
 }
 
 static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *req,
                                                  struct lxc_handler *handler,
                                                  struct lxc_epoll_descr *descr)
 {
-#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
        __do_bpf_program_free struct bpf_program *devices = NULL;
        struct lxc_cmd_rsp rsp = {0};
        struct lxc_conf *conf = handler->conf;
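Review bot: Removing the `#else` branch changes the error contract of `lxc_cmd_add_bpf_device_cgroup()`, and nothing in the hunk documents the new one. Builds without the struct used to fail with `errno == ENOSYS`; now every build takes the command path, and a failure surfaces as -1 with whatever errno reached `log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule")`. A caller that treated ENOSYS as "device rules unsupported" can no longer tell that case from a rejected rule. I would add a function comment stating which errno values mean "unsupported by the kernel" as opposed to "rule not applied". The callback whose guard is also removed here continues outside the hunk.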
@@ -1298,9 +1293,6 @@ respond:
                return LXC_CMD_REAP_CLIENT_FD;
 
        return 0;
-#else
-       return ret_set_errno(-1, ENOSYS);
-#endif
 }
 
 int lxc_cmd_console_log(const char *name, const char *lxcpath,